Hack Challenge
After H4X0R has successfully accomplished the first hack challenge, he had nothing else to do and got bored. As he is a little upset since the PhyLiSec workshop reviews were pretty negative, he decided to again hack DISCO's network. During the first hack challenge, you noticed that there is some damn vulnerable web application on the webserver from which you stole the exam (http://131.246.19.171/websec/). The teaching assistant who administrates that server thought it might be secure enough to restrict the access to that application to the university network (IP 131.246.*). However, he did not take into account that the infamous H4X0R gained access to that network and is planning his next malicious actions already.
Tasks
To complete the second hack challenge, you have to do the following tasks:
- Get access to that web application
- Complete the CSRF, XSS, and SQL Injection modules
- Send proof (credentials and screenshots) to This email address is being protected from spambots. You need JavaScript enabled to view it.
As in the last hack challenge, you can find all relevant information in the NetSec slides! The deadline for this hack challenge is the 19th of February (23:59).
Important note: Please do not delete or update the users table! Otherwise other students will not be able to log in anymore.
Organization
Most frequently asked questions: You can work in your group and there is no registration necessary!
Troubleshooting
Some of you trolls are messing up the user database :-/ If default user and password are not working, send a mail to Carolina and Matthias and we'll reset everything.
We offer a variety of bachelor and master